M-12-18 Compliance: Where Does Your Federal Agency Stand?

Crunch time is rapidly approaching for federal government agencies to implement action plans in order to ensure compliance with a massive White House records preservation mandate. Ready or not, it’s coming.

On Aug. 24, 2012, in an Executive Branch-wide effort to develop a 21st-century framework for the management of government records that applies to all executive agencies and to all records regardless of security classification, the Office of Management and Budget (OMB) and the National Archives Records Administration (NARA) issued Memorandum M-12-18, Managing Government Records Directive. M-12-18 requires federal agencies to eliminate paper and use electronic record keeping “to the fullest extent possible.”

Far beyond e-mail correspondence, M-12-18 mandates the permanent electronic management of records such as Microsoft Word documents, PDFs, traditional SMS texts, encrypted communications, messaging apps and even direct messages on social media platforms. The Directive also suggests agencies “consider the benefits of digitizing permanent records created in hard-copy format or other analog formats” such as microfiche, microfilm, analog video and analog audio.

Despite another two years until the Directive’s final compliance deadline, federal agencies have their work cut out for them. Faced with rapidly evolving guidance and requirements that remain open to interpretation, agencies should look to a technology solution as the answer to their records preservation challenge.

So, where does your agency stand?

Did You Miss the Starting Gun?

Many businesses and government agencies are using scanning technology to go paperless but merely digitizing documents from paper to cloud is not enough. Enterprise Content Management (ECM) tools and strategies make it possible to not only preserve and store but also manage an agency’s unstructured information.

In fact, a recent article in the Bulletin of the Association for Information Science and Technology labeled the ECM system as “the cornerstone of a modern records management program” when it comes to compliance with the Directive. An ECM solution, such as Microsoft SharePoint, allows users to capture information, as well as manage access to specific documents and records.

Microsoft SharePoint Solutions can store every document and record in one central system and keep track of every version of the document. SharePoint functionality can not only enforce information management policies, but also automate businesses processes–improving efficiency and timeliness.

Complete the Circuit

Federal agencies that have already moved their documents to an ECM solution must ensure they see the process through to the end. A comprehensive document retention and disposition policy is a critical book-end to an ECM solution and should include storing, tagging and retrieving data, as well as disposition. Agencies can no longer afford to pay lip service to these policies and most develop and document how the data will be retained and disposed in order to be in compliance with the new M-12-18 mandate.

Once these policies are documented, agencies can work within their ECM solution to build those policies into the system and, in some cases automate them. For example, by engaging Data Loss Prevention policies within SharePoint 2016’s Compliance Policy Center organization to build its own policies and apply them to the SharePoint environment to automatically encrypt and secure documents. Administrators can also enable an in-place hold policy within SharePoint which preserves documents, e-mails and other files.

For those agencies whose ECM solution does not have built-in policies, or if your agency needs a more robust solution to policy management, there are a number of third-party solutions that will integrate with your ECM solution – such as Gimmal. This DocPoint partner is a leading provider of information and records management services with growing list of federal government clients and an established track record of meeting the requirements of the Presidential Records Management Directive.

Gimmal is the only company that can make SharePoint compliant to DoD 5015.2 – the baseline standard for records management established by the Department of Defense, endorsed by NARA and recognized in both government and the private sector.

Finish Line Ahead

Having a plan in place to meet the 2019 White House deadline is a must for federal agencies. Measures taken today shouldn’t just ensure compliance a current mandate but should also look toward an increasingly digital future to ensure secure and efficient access to official documents going forward.


Did you know scanning, consulting, and record management solutions, are available through DocPoint’s GSA Schedule 70? Contact us to learn more about how we can help your agency be NARA compliant.